Research based on tools investigation of security risk assessment according to the information systems resources
DOI:
https://doi.org/10.18372/2410-7840.19.11443Keywords:
information security, risk, risk assessment, analytic-synthetic tuple model, tools for information security risk assessment, threat, vulnerability, risk characteristicsAbstract
One of the main stages of integrated systems construction for protecting information resources is risk assessment. Often, specialists of the companies to increase the efficiency of information security pay attention to the choice of adequate tools of information security risks assessment that will meet the relevant requirements. Nowadays there is a wide range of such tools. For their rational choice, a variety of risk assessment tools have been investigated to determine the set of necessary comparative characteristics. According to the mentioned means, taking into account the known analytical-synthetic tuple model of risk characteristics, a tuple is formed, which makes it possible due to the certain parameters, to unify the process of comparative analysis of such means. This will enhance the effectiveness of the choice implementation to solve the corresponding tasks of information security.References
Корченко А.Г. Бистабильная интегрированная кортежная модель характеристик риска / А.Г. Корченко, С.В. Казмирчук, А.Ю. Гололобов, Ю.А. Дрейс // Защита информации – 2016. – Том 18 №4. – С. 314-323.
Model-Driven Risk Analysis. Chapter: A Guided Tour of the CORAS Method, Mass Soldal Lund, Bjørnar Solhaug, Ketil Stølen, 2011, SINTEF ICT, Oslo, Norway, pp 23-43.
Expression des Besoins et Identification des Objectifs de Sécurité EBIOS, Méthode de gestion des risques, ANSSI/ACE/BAC, Paris, Version du 25 janvier 2010, 95 р.
Quantitative Risk Assessment with ISAMM on ESA’s Operations Data System [Electronic resource] [Carlo Harpes, André Adelsbach, Stefano Zatti, Nestor Pec-cia] / Itrust consulting, 2017 – Access mode: World Wide Web. – URL: https://www.itrust.lu/ wp-con-tent/uploads/ 2007/ 09/publications_ TTC_ 2007_abstract_risk_assessment_with_ISAMM.pdf (19.01.2017).
IRAM2 Managing information risk is a business essential [Electronic resource] / Information Security Forum Limited, 2014 – Access mode: World Wide Web. – URL: https://www.securityforum.org/ up-loads/2015/03/ISF-IRAM2-ES.pdf (20.01.2017).
Practical Threat Analysis in-depth [Electronic resource] / PTA Technologies, 2013 – Access mode: World Wide Web. – URL: http://www.ptatechnolo-gies.com/default.htm (20.01.2017).
Корченко А.Г. Анализ и оценивание рисков информационной безопасности / А.Г. Корченко, А.Е. Архипов, С.В. Казмирчук // Монография. – К.: ООО «Лазурит-Полиграф», 2013. – 275 с.
Шевченко А. Метод оцінювання ризиків з урахуванням впливу механізмів захисту інформації на параметри безпроводових інформаційно-телекомунікаційних систем під час інформаційних операцій / А. Шевченко, О. Кокотов // Безпека информации – 2014. – Том 20 №1. – С. 7-11.
Downloads
Published
Issue
Section
License
Authors who publish with this journal agree to the following terms:- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
